$OpenBSD: patch-protocols_yahoo_libyahoo2_c,v 1.3 2004/10/21 14:48:51 naddy Exp $ --- protocols/yahoo/libyahoo2.c.orig Sat Sep 25 21:26:09 2004 +++ protocols/yahoo/libyahoo2.c Thu Oct 14 15:43:35 2004 @@ -638,7 +638,7 @@ static void yahoo_packet_read(struct yah } } -static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data) +static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data, size_t data_len) { YList *l; int pos = 0; @@ -648,12 +648,12 @@ static void yahoo_packet_write(struct ya unsigned char buf[100]; snprintf((char *)buf, sizeof(buf), "%d", pair->key); - strcpy((char *)data + pos, (char *)buf); + strlcpy((char *)data + pos, (char *)buf, data_len - pos); pos += strlen((char *)buf); data[pos++] = 0xc0; data[pos++] = 0x80; - strcpy((char *)data + pos, pair->value); + strlcpy((char *)data + pos, pair->value, data_len - pos); pos += strlen(pair->value); data[pos++] = 0xc0; data[pos++] = 0x80; @@ -762,7 +762,7 @@ static void yahoo_send_packet(struct yah pos += yahoo_put32(data + pos, pkt->status); pos += yahoo_put32(data + pos, pkt->id); - yahoo_packet_write(pkt, data + pos); + yahoo_packet_write(pkt, data + pos, len - pos); yahoo_packet_dump(data, len); @@ -1561,8 +1561,10 @@ static void yahoo_process_auth_pre_0x0b( char *crypt_result; unsigned char *password_hash = malloc(25); unsigned char *crypt_hash = malloc(25); - unsigned char *hash_string_p = malloc(50 + strlen(sn)); - unsigned char *hash_string_c = malloc(50 + strlen(sn)); + size_t p_len = 50 + strlen(sn); + size_t c_len = 50 + strlen(sn); + unsigned char *hash_string_p = malloc(p_len); + unsigned char *hash_string_c = malloc(c_len); char checksum; @@ -1589,37 +1591,37 @@ static void yahoo_process_auth_pre_0x0b( switch (sv) { case 0: checksum = seed[seed[7] % 16]; - snprintf((char *)hash_string_p, strlen(sn) + 50, + snprintf((char *)hash_string_p, p_len, "%c%s%s%s", checksum, password_hash, yd->user, seed); - snprintf((char *)hash_string_c, strlen(sn) + 50, + snprintf((char *)hash_string_c, c_len, "%c%s%s%s", checksum, crypt_hash, yd->user, seed); break; case 1: checksum = seed[seed[9] % 16]; - snprintf((char *)hash_string_p, strlen(sn) + 50, + snprintf((char *)hash_string_p, p_len, "%c%s%s%s", checksum, yd->user, seed, password_hash); - snprintf((char *)hash_string_c, strlen(sn) + 50, + snprintf((char *)hash_string_c, c_len, "%c%s%s%s", checksum, yd->user, seed, crypt_hash); break; case 2: checksum = seed[seed[15] % 16]; - snprintf((char *)hash_string_p, strlen(sn) + 50, + snprintf((char *)hash_string_p, p_len, "%c%s%s%s", checksum, seed, password_hash, yd->user); - snprintf((char *)hash_string_c, strlen(sn) + 50, + snprintf((char *)hash_string_c, c_len, "%c%s%s%s", checksum, seed, crypt_hash, yd->user); break; case 3: checksum = seed[seed[1] % 16]; - snprintf((char *)hash_string_p, strlen(sn) + 50, + snprintf((char *)hash_string_p, p_len, "%c%s%s%s", checksum, yd->user, password_hash, seed); - snprintf((char *)hash_string_c, strlen(sn) + 50, + snprintf((char *)hash_string_c, c_len, "%c%s%s%s", checksum, yd->user, crypt_hash, seed); break; case 4: checksum = seed[seed[3] % 16]; - snprintf((char *)hash_string_p, strlen(sn) + 50, + snprintf((char *)hash_string_p, p_len, "%c%s%s%s", checksum, password_hash, seed, yd->user); - snprintf((char *)hash_string_c, strlen(sn) + 50, + snprintf((char *)hash_string_c, c_len, "%c%s%s%s", checksum, crypt_hash, seed, yd->user); break; } @@ -1945,29 +1947,29 @@ static void yahoo_process_auth_0x0b(stru lookup &= 0x1f; if (lookup >= strlen(alphabet1)) break; - sprintf(byte, "%c", alphabet1[lookup]); - strcat(resp_6, byte); - strcat(resp_6, "="); + snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]); + strlcat(resp_6, byte, sizeof(resp_6)); + strlcat(resp_6, "=", sizeof(resp_6)); lookup = (val >> 0x06); lookup &= 0x1f; if (lookup >= strlen(alphabet2)) break; - sprintf(byte, "%c", alphabet2[lookup]); - strcat(resp_6, byte); + snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); + strlcat(resp_6, byte, sizeof(resp_6)); lookup = (val >> 0x01); lookup &= 0x1f; if (lookup >= strlen(alphabet2)) break; - sprintf(byte, "%c", alphabet2[lookup]); - strcat(resp_6, byte); + snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); + strlcat(resp_6, byte, sizeof(resp_6)); lookup = (val & 0x01); if (lookup >= strlen(delimit_lookup)) break; - sprintf(byte, "%c", delimit_lookup[lookup]); - strcat(resp_6, byte); + snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]); + strlcat(resp_6, byte, sizeof(resp_6)); } /* Our second authentication response is based off @@ -2036,29 +2038,29 @@ static void yahoo_process_auth_0x0b(stru lookup &= 0x1f; if (lookup >= strlen(alphabet1)) break; - sprintf(byte, "%c", alphabet1[lookup]); - strcat(resp_96, byte); - strcat(resp_96, "="); + snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]); + strlcat(resp_96, byte, sizeof(resp_96)); + strlcat(resp_96, "=", sizeof(resp_96)); lookup = (val >> 0x06); lookup &= 0x1f; if (lookup >= strlen(alphabet2)) break; - sprintf(byte, "%c", alphabet2[lookup]); - strcat(resp_96, byte); + snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); + strlcat(resp_96, byte, sizeof(resp_96)); lookup = (val >> 0x01); lookup &= 0x1f; if (lookup >= strlen(alphabet2)) break; - sprintf(byte, "%c", alphabet2[lookup]); - strcat(resp_96, byte); + snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); + strlcat(resp_96, byte, sizeof(resp_96)); lookup = (val & 0x01); if (lookup >= strlen(delimit_lookup)) break; - sprintf(byte, "%c", delimit_lookup[lookup]); - strcat(resp_96, byte); + snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]); + strlcat(resp_96, byte, sizeof(resp_96)); } pack = yahoo_packet_new(YAHOO_SERVICE_AUTHRESP, yd->initial_status, yd->session_id); @@ -3079,11 +3081,9 @@ static void yahoo_process_yab_connection if(yab->nname) { bud->real_name = strdup(yab->nname); } else if(yab->fname && yab->lname) { - bud->real_name = y_new0(char, - strlen(yab->fname)+ - strlen(yab->lname)+2 - ); - sprintf(bud->real_name, "%s %s", + size_t len = strlen(yab->fname) + strlen(yab->lname) + 2; + bud->real_name = y_new0(char, len); + snprintf(bud->real_name, len, "%s %s", yab->fname, yab->lname); } else if(yab->fname) { bud->real_name = strdup(yab->fname); @@ -3682,7 +3682,7 @@ void yahoo_get_yab(int id) yid->yd = yd; yid->type = YAHOO_CONNECTION_YAB; - snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?ab2=0"); + snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?ab2=0"); snprintf(buff, sizeof(buff), "Y=%s; T=%s", yd->cookie_y, yd->cookie_t); @@ -3709,63 +3709,63 @@ void yahoo_set_yab(int id, struct yab * yid->type = YAHOO_CONNECTION_YAB; yid->yd = yd; - strncpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size); + strlcpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size); if(yab->dbid) { /* change existing yab */ char tmp[32]; - strncat(url, "&ee=1&ow=1&id=", size - strlen(url)); + strlcat(url, "&ee=1&ow=1&id=", sizeof(url)); snprintf(tmp, sizeof(tmp), "%d", yab->dbid); - strncat(url, tmp, size - strlen(url)); + strlcat(url, tmp, sizeof(url)); } if(yab->fname) { - strncat(url, "&fn=", size - strlen(url)); + strlcat(url, "&fn=", sizeof(url)); temp = yahoo_urlencode(yab->fname); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } if(yab->lname) { - strncat(url, "&ln=", size - strlen(url)); + strlcat(url, "&ln=", sizeof(url)); temp = yahoo_urlencode(yab->lname); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } - strncat(url, "&yid=", size - strlen(url)); + strlcat(url, "&yid=", sizeof(url)); temp = yahoo_urlencode(yab->id); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); if(yab->nname) { - strncat(url, "&nn=", size - strlen(url)); + strlcat(url, "&nn=", sizeof(url)); temp = yahoo_urlencode(yab->nname); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } if(yab->email) { - strncat(url, "&e=", size - strlen(url)); + strlcat(url, "&e=", sizeof(url)); temp = yahoo_urlencode(yab->email); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } if(yab->hphone) { - strncat(url, "&hp=", size - strlen(url)); + strlcat(url, "&hp=", sizeof(url)); temp = yahoo_urlencode(yab->hphone); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } if(yab->wphone) { - strncat(url, "&wp=", size - strlen(url)); + strlcat(url, "&wp=", sizeof(url)); temp = yahoo_urlencode(yab->wphone); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } if(yab->mphone) { - strncat(url, "&mp=", size - strlen(url)); + strlcat(url, "&mp=", sizeof(url)); temp = yahoo_urlencode(yab->mphone); - strncat(url, temp, size - strlen(url)); + strlcat(url, temp, sizeof(url)); free(temp); } - strncat(url, "&pp=0", size - strlen(url)); + strlcat(url, "&pp=0", sizeof(url)); snprintf(buff, sizeof(buff), "Y=%s; T=%s", yd->cookie_y, yd->cookie_t); @@ -4136,9 +4136,9 @@ void yahoo_get_chatrooms(int id, int cha yid->type = YAHOO_CONNECTION_CHATCAT; if (chatroomid == 0) { - snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatcat=0"); + snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatcat=0"); } else { - snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid); + snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid); } snprintf(buff, sizeof(buff), "Y=%s; T=%s", yd->cookie_y, yd->cookie_t); @@ -4373,7 +4373,7 @@ static void yahoo_search_internal(int id while((p = strchr(ctext, ' '))) *p = '+'; - snprintf(url, 1024, "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s", + snprintf(url, sizeof(url), "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s", ctext, t, g, photo ? "&.p=y" : "", yahoo_only ? "&.pg=y" : "", startpos ? buff : "");